package com.dzf.config;

import com.baomidou.mybatisplus.core.toolkit.StringUtils;
import com.dzf.entity.Permission;
import com.dzf.service.PermissionService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

import java.util.List;

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired
    PermissionService permissionService;

    @Value("${security.oauth2.client.client-id}")
    private String clientId;

    @Value("${security.oauth2.client.client-secret}")
    private String secret;

    @Value("${security.oauth2.authorization.check-token-access}")
    private String checkTokenEndpointUrl;

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    @Bean
    public TokenStore redisTokenStore (){
        return new RedisTokenStore(redisConnectionFactory);
    }

    @Bean
    public RemoteTokenServices tokenService() {
        RemoteTokenServices tokenService = new RemoteTokenServices();
        tokenService.setClientId(clientId);
        tokenService.setClientSecret(secret);
        tokenService.setCheckTokenEndpointUrl(checkTokenEndpointUrl);
        return tokenService;
    }

    // 要从 redis中获取 token 就需要配置 tokenService
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenServices(tokenService());
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/api/public/**").permitAll();

        List<Permission> permissions = permissionService.findAll();
        for (Permission permission : permissions) {
            System.out.println(permission);
            if (StringUtils.isNotBlank(permission.getPermissionUri())&&StringUtils.isNotBlank(permission.getPermissionAuth()))
            {
                System.out.println("nb");
                http.authorizeRequests()
                        .antMatchers(permission.getPermissionUri())
                        .hasAuthority(permission.getPermissionAuth());
            }
            //权限值空的话就全角色可以访问
//            if (StringUtils.isNotBlank(permission.getPermissionUri())&&StringUtils.isEmpty(permission.getPermissionAuth()))
//            {
//                System.err.println("kon"+permission.getPermissionUri());
//                http.authorizeRequests()
//                        .antMatchers(permission.getPermissionUri())
//                        .permitAll();

//            }

        }

    }
}
